...

a) Lifecycle management of a “Vault” - how a user can create, change, and delete a given Vault and its CRUD (Create, Re operation for a given set of Vaults and associated policies.

       - This will be a root-level configuration in EdgeDevConfig, consisting of a list of vault parameter details: a list of vault configurations carried as part of the EVE node configuration.

       - The EVE node will post status messages for the Vault CRUD operations.

b) Association of Edge Containers with a Vault - to control the data-at-rest requirements of an Edge Container

...

       - This will be used for remote attestation on reboot of a device and for periodic challenge/response exchanges.

              This will be done on device reboot and at a periodic frequency.

The same API that carries other config is used, handled by zedAgent.

...

The data handling policy will define how sensitive stored data is handled on an encryption algorithm change:

  • Retain
  • Destroy

Retain: This is the normal mode of operation.

...

The Attestation Challenge will be handled by the TPM manager, after zedagent publishes the config to the TPM Manager. Details about attestation are outside the scope of this document. What matters here is that, based on the attestation outcome, EVC may (depending on user-configured policies) choose not to reveal the Vault Key, by not sending any Vault config to EVE.

...